'\" t
.\"     Title: IPSEC_SETUP
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\"      Date: 10/06/2010
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "IPSEC_SETUP" "8" "10/06/2010" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec_setup \- control IPsec subsystem
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIsetup\fR \fIcommand\fR
.SH "EXAMPLES"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIsetup\fR {\ start\ |\ stop\ |\ restart\ }
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIsetup\fR status
.SH "DESCRIPTION"
.PP
\fISetup\fR
controls the Openswan IPsec subsystem, including both the Klips or Netkey (XFRM) kernel code and the Pluto key\-negotiation daemon\&. (It is a synonym for the \(lqrc\(rq script for the subsystem; the system runs the equivalent of
\fBipsec setup start\fR
at boot time, and
\fBipsec setup stop\fR
at shutdown time, more or less\&.)
.PP
The action taken depends on the specific
\fIcommand\fR, and on the contents of the
\fBconfig\fR
\fBsetup\fR
section of the IPsec configuration file (/etc/ipsec\&.conf, see
\fBipsec.conf\fR(5))\&. Current
\fIcommand\fRs are:
.PP
\fBstart\fR
.RS 4
start Klips and Pluto, including setting up Netkey (XFRM) or Klips to do crypto operations on the interface(s) specified in the configuration file\&. and (if the configuration file so specifies) asking Pluto to negotiate automatically\-keyed connections to other security gateways
.RE
.PP
\fBstop\fR
.RS 4
shut down Klips or Netkey (XFRM) and Pluto, including tearing down all existing crypto connections
.RE
.PP
\fBrestart\fR
.RS 4
equivalent to
\fBstop\fR
followed by
\fBstart\fR
.RE
.PP
\fBstatus\fR
.RS 4
report the status of the subsystem; normally just reports
\fBIPsec running\fR
and
\fBpluto pid \fR\fInnn\fR, or
\fBIPsec stopped\fR, and exits with status 0, but will go into more detail (and exit with status 1) if something strange is found\&. (An \(lqillicit\(rq Pluto is one that does not match the process ID in Pluto\'s lock file; an \(lqorphaned\(rq Pluto is one with no lock file\&.)
.RE
.PP
The
\fBstop\fR
operation tries to clean up properly even if assorted accidents have occurred, e\&.g\&. Pluto having died without removing its lock file\&. If
\fBstop\fR
discovers that the subsystem is (supposedly) not running, it will complain, but will do its cleanup anyway before exiting with status 1\&.
.PP
Although a number of configuration\-file parameters influence
\fIsetup\fR\'s operations, the key one is the
\fBinterfaces\fR
parameter, which must be right or chaos will ensue\&.
.SH "FILES"
.PP
/etc/rc\&.d/init\&.d/ipsec the script itself
/etc/init\&.d/ipsec alternate location for the script
/etc/ipsec\&.conf IPsec configuration file
/proc/sys/net/ipv4/ip_forward forwarding control
/var/run/pluto/ipsec\&.info saved information
/var/run/pluto/pluto\&.pid Pluto lock file
/var/run/pluto/ipsec_setup\&.pid IPsec lock file
.SH "SEE ALSO"
.PP
ipsec\&.\fBconf\fR(5),
\fBipsec\fR(8),
\fBipsec_manual\fR(8),
\fBipsec_auto\fR(8),
\fBroute\fR(8)
.SH "DIAGNOSTICS"
.PP
All output from the commands
\fBstart\fR
and
\fBstop\fR
goes both to standard output and to
\fBsyslogd\fR(8), via
\fBlogger\fR(1)\&. Selected additional information is logged only to
\fBsyslogd\fR(8)\&.
.SH "HISTORY"
.PP
Written for the FreeS/WAN project <\m[blue]\fBhttp://www\&.freeswan\&.org\fR\m[]> by Henry Spencer\&.
.PP
Modified for Openswan <\m[blue]\fBhttp://www\&.openswan\&.org\fR\m[]> by Tuomo Soini\&.
.SH "BUGS"
.PP
Old versions of
\fBlogger\fR(1)
inject spurious extra newlines onto standard output\&.
